Investigate vulnerability: protobuf-python has a potential Denial of Service issue

Issue created from vulnerability 14

Description:

Any project that uses the Protobuf pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit.

Reporter: Alexis Challande, Trail of Bits Ecosystem Security Team ecosystem@trailofbits.com

Solution:

Upgrade to versions 4.25.8, 5.29.5, 6.31.1 or above.

Identifiers:

Scanner:

  • Name: gemnasium-python